Numerous PC and server models utilizing Intel CPUs may be impacted by CVE-2024-0762, a vulnerability in Phoenix SecureCore UEFI firmware, which could lead to code execution and privilege escalation. The vulnerability, named UEFIcanhazbufferoverflow, was discovered by Eclypsium’s automatic analysis system. Exploiting this vulnerability could allow attackers to elevate privileges and execute arbitrary code in the UEFI firmware during operation. Eclypsium has warned about the potential exploitation of this vulnerability by threats such as the Black Lotus UEFI rootkit.
This vulnerability represents a significant threat to IT infrastructure, as compromising the UEFI firmware could grant an attacker full and persistent control over the device. The investigation revealed that the vulnerability is related to an insecure variable in the Trusted Platform Module (TPM) configuration. Notably, the vulnerable SecureCore UEFI firmware is utilized in numerous Intel mobile, desktop, and server processors by manufacturers such as Lenovo, Acer, Dell, and HP.
Phoenix Technologies has released a patch for CVE-2024-0762, acknowledging its impact on various Intel CPU lines, including Alder Lake, Coffee Lake, Comet Lake, Ice Lake, Jasper Lake, Kaby Lake, Meteor Lake, Raptor Lake, Rocket Lake, and Tiger Lake. Device manufacturers have initiated the patch deployment to their products, with Lenovo advising customers about the vulnerability and planning to roll out patches for some PCs later this summer.